59040 matches found
CVE-2025-40587
A vulnerability has been identified in Polarion V2404 All versions V2404.5, Polarion V2410 All versions V2410.2. The affected application allows arbitrary JavaScript code be included in document titles. This could allow an authenticated remote attacker to conduct a stored cross-site scripting...
CVE-2026-2098
AgentFlow developed by Flowring has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks...
CVE-2026-2099
AgentFlow developed by Flowring has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript codes that are executed in users' browsers upon page load...
CVE-2026-2098
AgentFlow developed by Flowring has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks...
CVE-2026-2099
AgentFlow developed by Flowring has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript codes that are executed in users' browsers upon page load...
CVE-2026-2099
CVE-2026-2099 concerns AgentFlow by Flowring, which presents a Stored Cross-Site Scripting (XSS) vulnerability. Authe nticated remote attackers can inject persistent JavaScript that executes in users’ browsers when the page loads. Current metrics (TW CERT references) indicate a MEDIUM severity wi...
CVE-2026-2099 Flowring|AgentFlow - Stored Cross-Site Scripting
AgentFlow developed by Flowring has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript codes that are executed in users' browsers upon page load...
CVE-2026-2099 Flowring|AgentFlow - Stored Cross-Site Scripting
AgentFlow developed by Flowring has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript codes that are executed in users' browsers upon page load...
CVE-2026-24325
SAP BusinessObjects Enterprise does not sufficiently encode user-controlled inputs, leading to Stored Cross-Site Scripting XSS vulnerability. This enables an admin user to inject malicious JavaScript into a website and the injected script gets executed when the user visits the compromised page.Th...
CVE-2026-24325 Cross Site Scripting (XSS) vulnerability in SAP BusinessObjects Enterprise (Central Management Console)
SAP BusinessObjects Enterprise does not sufficiently encode user-controlled inputs, leading to Stored Cross-Site Scripting XSS vulnerability. This enables an admin user to inject malicious JavaScript into a website and the injected script gets executed when the user visits the compromised page.Th...
CVE-2026-24325
SAP BusinessObjects Enterprise contains a Stored XSS flaw due to insufficient encoding of user-controlled inputs. An admin user could inject JavaScript that executes when visiting the affected page. The issue has a CVSS v3.1 base score of 4.8 (Medium) with Network access, Low confidentiality and ...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Google Chrome
Affected Software: Google Chrome prior to version 121.0.6167.8...
PT-2026-7224
SAP BusinessObjects Enterprise does not sufficiently encode user-controlled inputs, leading to Stored Cross-Site Scripting XSS vulnerability. This enables an admin user to inject malicious JavaScript into a website and the injected script gets executed when the user visits the compromised page.Th...
Flowring Agentflow 跨站脚本漏洞
Flowring Agentflow is an intelligent process automation RPA platform developed by Flowring Corporation in China. Flowring Agentflow has a cross-site scripting vulnerability, which stems from reflective cross-site scripting. This vulnerability could allow unverified remote attackers to execute...
PT-2026-7263
Name of the Vulnerable Software and Affected Versions Sarman Soft CMS versions through 10022026 Description The software contains an Execution After Redirect EAR issue that allows for JSON Hijacking, also known as JavaScript Hijacking, and Authentication Bypass. This flaw occurs due to improper...
CASL 安全漏洞
CASL is a JavaScript library developed by Serhii Stotskyi. Versions 2.4.0 to 6.7.4 of CASL contain security vulnerabilities, which stem from prototype pollution and may lead to logical errors or other attacks...
PT-2026-7239
AgentFlow developed by Flowring has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript codes that are executed in users' browsers upon page load...
Flowring Agentflow 跨站脚本漏洞
Flowring Agentflow is an intelligent process automation RPA platform developed by Flowring Corporation in China. Flowring Agentflow has a cross-site scripting vulnerability. This vulnerability stems from stored-xss scripts, which may allow authenticated remote attackers to inject persistent...
CVE-2026-25925
PowerDocu contains a Windows GUI executable to perform technical documentations. Prior to 2.4.0, PowerDocu contains a critical security vulnerability in how it parses JSON files within Flow or App packages. The application blindly trusts the $type property in JSON files, allowing an attacker to...
CVE-2026-25925
PowerDocu contains a Windows GUI executable to perform technical documentations. Prior to 2.4.0, PowerDocu contains a critical security vulnerability in how it parses JSON files within Flow or App packages. The application blindly trusts the $type property in JSON files, allowing an attacker to...